Menu
  • Home
  • My Books
  • Courses
  • About Me
  • Contact
  • Home
  • My Books
  • Courses
  • About Me
  • Contact

Brett Shavers | forensics & things

Brett's Ramblings

Subscribe to blog
Unsubscribe from blog
Settings
Sign In
If you are new here, Register
  • Forget Username
  • Reset Password
Font size: + –
Subscribe to this blog post Unsubscribe
Report
Print
7 minutes reading time (1314 words)

The #1 Reason that DFIR practitioners don’t post opinions

Digital Forensics
Brett Shavers
Tuesday, 09 April 2019
6806 Hits
0 Comments

 

Lesley Carhart tweeted today that a journalist used one of her tweets in an article that would have been rephrased in a less playful manner had the journalist just asked. I find this tweet to be an extremely important tweet that affects many in forensics (see my side note on 'forensics'). 

Lesley's tweet was in an article about a national security lapse, or actually, several national security lapses. The incident described in the article is important on its face of national security, yet a journalist took a snarky tweet to validate the journalist's statements. Lesley was spot on with her tweet, as Leslie mentioned, she would have written a killer response that would be better for the journalist had the journalist just asked her.

TFW your shitposting tweet about infosec is so funny they just stick it in a serious and credible news article 🤷🏻‍♀️🍸

— Lesley Carhart (@hacks4pancakes) April 9, 2019

Let me take this a step further to get to the crux of this blog post on why many practitioners don't post opinions online 

"I am afraid of some attorney using my words against me. - unnamed DFIR expert" 

I have spoken to more than a few practicing DFIR folks about their decisions to not openly use social media to discuss DFIR, since that is the best way to get the fastest answers to problems. The common response is the fear of having a conment being used against them in a case, especially since they are perpectually under subpoena in one case or another.  Some of those who do post online comments are using anonymous accounts. They are afraid of their words being used against them in court, so they go the anonymous route, as if that will protect them from answering the question under oath, "Do you have any social media accounts where you discuss your work?"

This commonly stated reason of fear of any comment or comments being used against them in legal proceedings where they stand to be called as a witness is something that I totally get.

 A scenario that can play out is being a witness in a civil or criminal trial, undergoing cross examination, and past comments being brought into play as a means of discrediting the witness. With journalists and activists reaching back decades of online comments to discredit or embarrass someone, the legal arena is ripe for doing the same thing (I have seen it done). In some instances, this could be reasonable if full context is introduced, and even then, opinions are like fruit; they can be perishable as time goes by.

I've had a tweet of mine end up in a class action suit filing. While I stand by it (not a good idea to link to JavaScript from an ad domain that was abandoned years ago—and now repurposed by an attacker—in a production site), it made me rethink how I framed things.

— Kenn White (@kennwhite) April 9, 2019

The result is that we have an incredible amount of talent, experience, and knowledge in the forensic world that refuse to post any comments online for the fear of potentially having a comment being used maliciously or falsely in either expert qualification or cross examination.  The impact on the community is that we miss the most relevant and impactful resources that could move the community forward 100x, all because of fear of being quoted out of context.

Some people, for whatever reason, do not want to disclose where they work, as if having any job would be embarrassing anyway. So, they stay anonymous online. Again, I totally get it, but if you aren’t bashing your employer, disclosing intellectual property, or being disingenuous in what you say, do you need to be anonymous?

What we get then is a slew of anonymous accounts. We have anonymous practitioners and experts, who we have no idea of their qualifications or reputation, stating opinions on “DFIR” topics, which do not have the same impact as a named person. It’s anonymous, therefore, untrusted and unverifiable, even when coming from someone who is probably the best to state an opinion on the topic at hand. We just don’t know, therefore, almost pointless.

Reasons supportive of anonymous accounts

I understand the use of anonymous accounts when your personal safety is at risk, such as working in a field where you or your family could be targeted (and killed) because of your job, such as working undercover or for an intelligence agency hunting terrorists.  If you are only doing forensics, the odds of being targeted are quite low… How do I know this? Because when I worked undercover, where I was day-in and day-out hanging out with people who killed people, I never had my name online. I was also at the point of not having any social media presence at all (anonymous or not) for the sole reason of limiting risk of exposure to myself and family.

Other than that, I see no need to have an anonymous account other than for the ability to post anything, and I mean practically anything, without any risk of being personally called out for unreasonable, untruthful, or otherwise harmful opinions.  Unless an employer has a specific policy that an employee cannot have a personal social media account, then anonymity simply appears to be a manner to spout off without recourse.  I’m still looking for an employer that prohibits an employee from having a social media account…  But again, I get it. Anonymity is here to stay.

To the anonymous experts

Brett’s opinion: Anonymous accounts hold zero weight for opinions. It doesn’t matter how many retweets, shares, or favorites you get, anonymity is not credibility.  But if you put your name on your words, your words are heavy. For those working in the legal arena, especially those writing affidavits, you particularly know the weight of an anonymous complaint versus someone willing to have their name listed in a search warrant affidavit. 

Your word is to your honor as your name is to your reputation.

The things that we say (post/tweet/share) today will most likely exist forever. This by itself should be enough to make us at least read our words before posting them. Although I will admit, I will re-read what I just typed, post it, and then catch my grammar errors too late after the post…but for the content, I stand by what I post. As to the grammatical errors, I’ll take them too because for context, my words are my words.

I hate saying that I was wrong

I do not like to apologize or admit to being wrong, but when I am, I do it. I consider everything that I do and say, including social media posts, to be under scrutiny of accuracy and truthfulness. I don’t need anyone scraping my data to find something that I misstated, but surely could see something in court or online by someone who wants to dig something up. That’s fine. If I was incorrect in stating something, I’ll admit that I was wrong.  I will even apologize for it because I want to learn and improve, not be stuck in growth in the field.

pot calling the kettle black

Yes, you have seen me, and will continue to see, embed someone's tweets in a blog post. But you will never see me take someone's comments out of context, nor re-post someone's comment that will embarrass or shame. That is uncool. However, I will showcase some good ones that deserve more discussion than just a tweet can do. The really important tweets that affect hundreds or thousands of people. Lesley's tweet is one of those tweets. Her tweet was perfectly done and did not need rephrasing in the least bit (or byte).

Tweet
Share on Pinterest
0
Puking in DFIR
If USB flash drives were shaped like spiders, we w...

About the author

Brett Shavers

Brett Shavers

 

Comments

No comments made yet. Be the first to submit a comment
Guest
Saturday, 23 January 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.brettshavers.com/

direct link

Brett's blog

Posts List

Tag Cloud

X-Ways Forensics windows forensic environment book phishing imaging Jimmy Weg North korea gmail tor browser investigation expert privacy bitcoin windows fe surveillance bitcoin forensics Virtualization investigations wiretap Bitcoin Forensics Hacker X-Ways Forensics Practitioner's Guide Volume Shadow Copy winfe case studies Placing the Suspect Behind the Keyboard forensics dfir presentations Hiding Behind the Keyboard Windows Forensic Environment email Registry Forensics 4cast University of Washington RegRipper training writing

Search Blog

Most popular posts

Brett Shavers
Brett Shavers
06 December 2015
RegRipper
RegRipper
Digital Forensics
The short story-if you want RegRipper, get it from GitHub (don't download it from anywhere else)http://github.com/keydet89What is RegRipper?RegRipper was created and maintained by Harlan Carvey. ...
0
38743 Hits
3 comments
Read More
Brett Shavers
Brett Shavers
25 April 2019
Game of Thrones, DFIR Style
Game of Thrones, DFIR Style
Digital Forensics
Short post and quick opinion. I came across some tweets today about how bad people are in the #infosec/#DFIR community and I dug a little deeper. Actually, I didn’t have to dig far at all to find trul...
0
37226 Hits
0 comments
Read More
Brett Shavers
Brett Shavers
10 September 2019
The Five Stages of the DFIR Career Grief Cycle
The Five Stages of the DFIR Career Grief Cycle
Digital Forensics
I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig, that I was honored that he agreed to write the foreword of a book that Eric Zimmerma...
1
36763 Hits
0 comments
Read More

Magnet Forensics Conversation

DFIR Training

Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.


Even better, support DFIR Training by subscribing at https://www.dfir.training/subscribe-3 and get access to multiple online courses in digital forensics with included ebooks!

More posts

Date
Date
  • When OSINT is turned into the Baseball Bat of Internet Mob Justice

    When OSINT is turned into…

    When OSINT is turned into the Baseball Bat of Internet Mob Justice

    We are of a curious mind, we the forensic examiners, private investigators, OSINT professionals, and journalists. Our work is for the public good, and we…

    Thursday January 14

    by Brett Shavers

    5547 hits / 0 comments

  • I took a look at Instagram's Terms of Service so that you won't have to.

    I took a look at…

    I took a look at Instagram's Terms of Service so that you won't have to.

    Who really reads the Terms of Service anyway?Are EULAs and TOSs intentionally designed as multi-page, single-spaced, 4 font, legalized writing to confuse users or simply…

    Saturday December 26

    by Brett Shavers

    8534 hits / 0 comments

  • White Paper: The Susceptibility of Interconnected Devices in a Global Concept as Surveillance Affects the Consumer-user

    White Paper: The Susceptibility of…

    White Paper: The Susceptibility of Interconnected Devices in a Global Concept as Surveillance Affects the Consumer-user

    I read an article that China used technology to spy on users via their phones (https://www.theguardian.com/us-news/2020/dec/15/revealed-china-suspected-of-spying-on-americans-via-caribbean-phone-networks). Here is my white paper analysis.#1 - If...

    Wednesday December 16

    by Brett Shavers

    4650 hits / 0 comments

  • How long does it take to get into the DFIR field?

    How long does it take…

    How long does it take to get into the DFIR field?

    Question I received: How long does it take before I can expect to get into a DFIR career?Answer: It depends!It depends on your available resources +…

    Thursday November 12

    by Brett Shavers

    14893 hits / 0 comments

  • An expert is just one page in a book ahead of you

    An expert is just one…

    An expert is just one page in a book ahead of you

    Let me dispel your notion of what an “expert” is. An expert is someone who has more information than you. That’s it. Imagine being stranded…

    Friday October 30

    by Brett Shavers

    5824 hits / 0 comments

  • Should you improve your DFIR skills on your personal time?

    Should you improve your DFIR…

    Should you improve your DFIR skills on your personal time?

    Almost two years ago, I wrote about burning out in DFIR (“Only race cars should burn out"). I still stand by what I wrote at…

    Friday September 04

    by Brett Shavers

    28343 hits / 0 comments

  • TikTok is like a big, greasy cheeseburger. We know it is bad for us, but don't care.

    TikTok is like a big,…

    TikTok is like a big, greasy cheeseburger. We know it is bad for us, but don't care.

    Short version: Any social media platform can be compared to the biggest, greasiest cheeseburger that you can find.  You know that the cheeseburger is unhealthy,…

    Tuesday July 07

    by Brett Shavers

    24017 hits / 0 comments

  • Jessica Hyde and I talk about forensic stuff

    Jessica Hyde and I talk…

    Jessica Hyde and I talk about forensic stuff

    Jessica Hyde of Magnet Forensics sat down together (virtually...) to talk about forensics.  In case you missed it, here it is!

    Thursday June 11

    by Brett Shavers

    10735 hits / 0 comments

  • Facebook Spoofing: Your Reputation, Investigations, and Massive Data Collection

    Facebook Spoofing: Your Reputation, Investigations,…

    Facebook Spoofing: Your Reputation, Investigations, and Massive Data Collection

    A “new” article on imposter Facebook accounts was published today in the Philippines.  I put “new” in quotes because this is not a new issue,…

    Sunday June 07

    by Brett Shavers

    2662 hits / 0 comments

  • You do not want to work in DFIR.

    You do not want to…

    You do not want to work in DFIR.

     The fantasySo many people ask how they can start a career in the DF/IR field, which is completely understandable. The glamour is there. Hollywood shows…

    Thursday June 04

    by Brett Shavers

    3278 hits / 0 comments

  • COVID-19’s Investigative Impacts on Digital Forensics/Incident Response (DFIR). AKA: All burners are now burned.

    COVID-19’s Investigative Impacts on Digital…

    COVID-19’s Investigative Impacts on Digital Forensics/Incident Response (DFIR). AKA: All burners are now burned.

    The meat and potatoesA bit is still a bit and a byte is still a byte. COVID-19 cannot change that, which means that the technical…

    Saturday April 25

    by Brett Shavers

    16858 hits / 0 comments

  • Mini-WinFE 10 and WinFE 10 Updated

    Mini-WinFE 10 and WinFE 10…

    Mini-WinFE 10 and WinFE 10 Updated

    The short story on the newest Mini-WinFE 10 (aka, the download link):Mini-WinFE has been updated and upgraded.  I update WinFE developments (including the downloads for…

    Sunday April 05

    by Brett Shavers

    10816 hits / 2 comments

  • Eat your broccoli first

    Eat your broccoli first

    Eat your broccoli first

    Something good and something not-so-good on learning DFIRThe good thing about learning DFIR is that there are probably fewer barriers and obstacles to learn and…

    Saturday January 18

    by Brett Shavers

    30970 hits / 0 comments

  • The Second Decade of the 2000s is almost over!

    The Second Decade of the…

    The Second Decade of the 2000s is almost over!

    We’ve come a long way in DFIR over the past 20 years, and even looking at just the past decade, the field has drastically grown!…

    Thursday December 26

    by Brett Shavers

    10720 hits / 0 comments

  • Public Records

    Public Records

    Public Records

    I have an outstanding public records request. It is not "outstanding" in the manner that I wrote a great request, but "outstanding" in that I…

    Thursday December 12

    by Brett Shavers

    5221 hits / 0 comments

  • The Five Stages of the DFIR Career Grief Cycle

    The Five Stages of the…

    The Five Stages of the DFIR Career Grief Cycle

    I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig,…

    Tuesday September 10

    by Brett Shavers

    36763 hits / 0 comments

  • Our World is Going to Turn Upside Down with DeepFakes

    Our World is Going to…

    Our World is Going to Turn Upside Down with DeepFakes

    The short storyAny person and their voice, in practically any video (past, present, or future) can have their face and voice digitally replaced with any…

    Sunday September 01

    by Brett Shavers

    4455 hits / 0 comments

  • If you are comfortable in DFIR, you might be doing it wrong

    If you are comfortable in…

    If you are comfortable in DFIR, you might be doing it wrong

    I took a 3-day basic forensic course and embarrassingly enough, the instructor (in front of the class), said that I probably know everything in the…

    Thursday August 29

    by Brett Shavers

    4803 hits / 0 comments

  • Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp

    Everything I Needed to Know…

    Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp

    You don’t need to experience military life to learn the valuable lessons that are drilled into military recruits.  In fact, you can probably enjoy the…

    Saturday August 17

    by Brett Shavers

    6430 hits / 0 comments

  • Personality of a computer

    Personality of a computer

    Personality of a computer

    From a recent discussion that I had with Harlan Carvey about the registry, this topic is something that I touched on lightly in Placing the…

    Wednesday July 31

    by Brett Shavers

    5082 hits / 0 comments

© 2021 Brett Shavers